Solved

Windows Time Server

Posted on 2014-11-05
Last Modified: 2014-12-16
One of our NTP time servers is a standalone physical server. It gets its time from external time sources. This server is being replaced by a server which will be joined to our Active Directory. I realize all computers joined to a domain get their network time from the Domain Controllers. Hopefully it can still be used as a network time server.

Unfortunately our time clients are configured with an IP address instead of a DNS name. The replacement server will inherit the old server's IP address so changes to the client's time config should not be needed.

Can this new server (joined to the AD) still be configured to go to the internet to get time and act as a time server?

The old server is Windows 2003 SP2 standalone.  New server is Windows 2008 R2.
Question by:epmmis
6 Comments
 
LVL 32

Expert Comment

by:it_saige
ID: 40425354
It can, but as you stated domain computers are configured, by default, to obtain their time source from the Domain Hierarchy.  This domain time source is recommended to be the PDC Emulator.  Otherwise, you can configure group policies so that the domain computers can get their time from a different source, in this case, the time server will be treated as an external time source.

-saige-
0
 
LVL 26

Expert Comment

by:Dan McFadden
ID: 40425956
To be even more specific... the PDC FSMO holder should be configured to be the only DC to go to an external (reliable) time source.  All other DCs (FSMO holder or not) reference the PDC Role holder as a trusted time device.  Then all domain joined clients use the DC infrastructure to get time.

You need to manually configure your PDC Role holder, reference link below:

http://technet.microsoft.com/en-us/library/cc784553(v=ws.10).aspx

I agree with it_saige that you could update your desktops/laptops/workstations with a GPO but as for other devices that pull time via IP, those should be pointed to the DC which holds the PDC FSMO.

As a 2nd option, you could DCPromo the replacement server and then transfer the PDC Role to it.  Then follow the instructions in the link above to configure the PDC Role holder as a reliable time source for the domain.  But I do not know what your domain looks like, how your network is set up or where all the DCs exist on the network.

Dan
0
 

Author Comment

by:epmmis
ID: 40426782
I am sorry I did not make my request clear.  The domain will continue to use the PDC emulator DC to get their time.  This is not an attempt to change how the domain processes time.

This new server will be the time source for other physical servers, such as my Linux servers.  My domain controllers (and most of my AD) are virtualized.  It is best the physical host servers and my Linux servers get their time from a physical server independent of the virtualized domain controllers.
0
 
LVL 32

Assisted Solution

by:it_saige
it_saige earned 250 total points
ID: 40426828
My post may have been overcomplicated.  In short, yes, you can do what you want.

-saige-
0
 
LVL 32

Expert Comment

by:it_saige
ID: 40426908
I might add, though, since you are implementing (or redeploying) your own time server, that already connects to an external time source, there is nothing that states that your PDC emulator cannot use this server as its external time source.  This might also be a best practice so that you do not request time updates too frequently from your external source(s).

-saige-
0
 
LVL 26

Accepted Solution

by:Dan McFadden
Dan McFadden earned 250 total points
ID: 40427023
I agree with it_saige.  If this redeployed server is configured as a trusted time source, you can point the PDC Holder to that device.  This also allows you to reduce the outbound NTP traffic and limit it to only this physical server.

BTW, external time source refers to a device providing reliable NTP services, that is not contained within the PDC holder server.  The external time source can easily be an NTP device on the internal network.

Whether or not your reliable NTP server is inside or outside your network, in no way dictates the frequency of time update requests.  The frequency of updates is dictated by the configuration of the service making the requests.

Dan
0
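The setup the thread agrees is possible, as an added example that is not from any poster here: a domain-joined Windows Server 2008 R2 member that syncs from external peers instead of the domain hierarchy and answers NTP requests from non-domain clients. The peer names, client subnet and poll interval are placeholders/assumptions; run from an elevated PowerShell prompt on the replacement server.

```powershell
# Added example, not from the thread. Placeholders: peer names, subnet, interval.
$Peers        = 'ntp1.example.net,0x9 ntp2.example.net,0x9'  # 0x8 = client mode, 0x1 = honor SpecialPollInterval
$PollSeconds  = 3600                                          # assumed polling interval, in seconds
$ClientSubnet = '192.0.2.0/24'                                # placeholder: subnet of the Linux / host clients
$W32Time      = 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time'

# 1. Domain members default to the domain hierarchy (NT5DS). Switch this one
#    server to a manual peer list; the rest of the domain is unaffected.
$peerArg = "/manualpeerlist:$Peers"
w32tm /config $peerArg /syncfromflags:manual /update

# 2. Request frequency is a property of the requesting service, so it is set
#    here on the client side rather than by where the source lives.
Set-ItemProperty -Path "$W32Time\TimeProviders\NtpClient" `
    -Name SpecialPollInterval -Value $PollSeconds -Type DWord

# 3. Turn on the NTP server provider so this host answers time requests.
Set-ItemProperty -Path "$W32Time\TimeProviders\NtpServer" `
    -Name Enabled -Value 1 -Type DWord

# 4. Allow inbound NTP only from the subnet that holds the time clients.
netsh advfirewall firewall add rule name="NTP server (UDP 123)" `
    dir=in action=allow protocol=UDP localport=123 remoteip=$ClientSubnet

# 5. Apply and verify: the source should be one of the manual peers,
#    not a domain controller, and NtpServer should show Enabled: 1.
Restart-Service w32time
w32tm /resync /rediscover
w32tm /query /source
w32tm /query /configuration
```

If a domain Group Policy configures the Windows Time service, its values take precedence over these local settings, so exclude this server from that policy or set the same values there.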
